Interesting People mailing list archives
IP: Re: Microsoft's pgp keys don't verify
From: David Farber <dave () farber net>
Date: Thu, 26 Jul 2001 20:58:16 -0400
X-Sender: rjs#goodread.com () mail samnet net Date: Thu, 26 Jul 2001 19:26:32 -0400 To: farber () cis upenn edu From: Richard Jay Solomon <rjs () goodread com> Subject: Re: IP: Microsoft's pgp keys don't verify Cc: ip-sub-1 () majordomo pobox com X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.For at least four months, Microsoft has been sending out security bulletins which fail a popular e-mail authentication system. As a result, the company could be opening the door to counterfeit bulletins from malicious hackers. To protect against forgery, Microsoft's security response center digitally signs its bulletins with PGP before e-mailing them to subscribers of its security notification service. But since at least March, if recipients attempt toMaybe they are forged. Reminds me of the story of the first bankcard ATM in Atlanta. At the dedication, the first person to put his card in was rejected. The machine indicated the card was invalid. The embarrassed bank officials gave him his money from the till. Then after he had vanished into the crowd, the security people checked their printed database, and indeed, the card was hot! Story told me by Ken Phillips who swore it was true. Richard
For archives see: http://www.interesting-people.org/
Current thread:
- IP: Re: Microsoft's pgp keys don't verify David Farber (Jul 26)